Limited Site Selection
Sites will be chosen for the cPanel Hosting for Missions Critical Sites service[cPanel Plus] based on a variety of factors that will improve security and performance in three ways:
- A smaller number of sites overall means a smaller attack surface and a decreased processing burden on the server
- A narrow subset of use cases ensures that the most critical websites cannot be impacted by less critical sites (such as student development projects or other projects that are not as rigorously mainained).
- A concierge approach to selection, migration, and management for a relatively small number of sites means greater assurance that all site owners are well informed of security and development best practices, and that web hosting staff are able to monitor the security status and facilitate timely updates of all site software in use.
Limited Software Options
Sites on cPanel Plus will be limited to fully-supported technologies appropriate for department level websites. By limiting software to a smaller set of well-supported packages, we limit the attack surface, as well as conflicts between possibly incompatible packages. Websites requiring experimental, unsupported, or self-maintained software will not be accepted into the service, and will be supported with other hosting options.
CloudFront and WAF for all sites
The cPanel hosting service protects against a variety of web- and network-based attacks using a software firewall on the cPanel server itself. By requiring all sites on cPanel Plus to utilize CloudFront, we are able to protect against even more attack types, and at the AWS level, before traffic reaches the cPanel Plus server. This improves the security posture, while at the same time, improving performance since the server itself is not responsible for tracking and blocking attack traffic.
Separate Database Server
The cPanel Plus service utilizes database server in Amazon RDS, separate from the cPanel server. This provides separation between the web host and the database, making certain types of attacks more difficult or impossible. Utilizing RDS also opens up opportunities for increased redundancy and disaster recovery options.